Richard Bejtlich's blog on digital security, strategic thought, and military history.

Wednesday, March 17, 2004

Snort_Inline: Snort-based "Intrusion Prevention"

The Snort_inline project released a version compatible with Snort 2.1.1 this week. Snort_inline works with firewall software on the same host to drop packets matching Snort signatures. Apparently there is experimental support for running Snort_inline on FreeBSD using divert(4) and ipfw(8). Just the other day I read a news posting on the snort_inline mailing group archives, but today the archive is gone. I subscribed to the mailing list just now and plan to ask what's happened.